>> poppassd is better because: >> a) you don't need to elevate user's privileges >> b) you provide tool that can be used by any email client that >> supports poppass protocol >> c) there are poppass servers written for PAM, NIS, shadow passwords, LDAP >> and courier authdaemon > > Cant i just use the pw utility that comes with freebsd,moreso since i use > freebsd?? How do i elevate user privilileges with this? my users default > login is set to nologin.
Privilege elevation happens when unpriviled user can issue command as different user. In your case webserver (user nobody) changes password of other user. -- from README -- 3) Make sure the file permissions on the chpasswd file are correct (unless you'll be using the 'pw' utility on FreeBSD). Substitue the name of the user that your web server runs under for "apache" in the command below: # chown root:apache chpasswd # chmod 4750 chpasswd ------ This is privilege elevation. from FreeBSD 5.2.1 ---- ls -l /usr/sbin/pw -r-xr-xr-x 1 root wheel 53616 Jun 4 09:28 /usr/sbin/pw ---- This is program which does not allow privilege elevation I might be wrong about syntax of pw command, but I don't see old password verification in pw command used by plugin (change_passwd 4.0). pw does not have options that check old password. Password changes shoudn't work unless program is SUID'ed. PS. It would be nice to fix plugin's README, because commands ---- $ chown root:apache chpasswd $ chmod 4750 chpasswd ---- does not work. '$' indicates shell of unprivileged user. -- Tomas ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
